The Internet has been grumbling over Sony's unexpected PlayStation Network shutdown for the past few days, but new information from the company will put the outrage into overdrive. According to Sony's official statement:
we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
That's about as bad as it gets. We'd actually go a step farther and recommend users cancel existing credit cards and order new ones. While this is always an annoying hassle, it's even more frustrating when one is forced to do it minus the $900 someone already stole. Credit card companies and banks make good on such transactions the majority of the time, but it often takes 5-10 days for them to do so. Meanwhile, you're still out the cash.
The PSN Network (Artist's Interpretation)
Sony's wording implies that it doesn't know if the entire network was affected (current estimates are that the PSN has some 77 million subscribers.) The delay had already drawn criticism from certain corners; Senator Richard Blumenthal fired off a letter to Sony USA declaring himself to be "troubled" by the company's slowness.
Security expert Bruce Schneier offered one of the best summaries of the situation ever. "This happens a lot, and there's nothing you can do about it," Schneier said. "You might be screwed, but you'll basically be OK." Indeed. Unless it turns out that millions of credit cards or other personally identifiable information was stole as well, Sony will pull out of this reasonably well. Sony intends to begin restoring some PSN / Qriocity services by next week. We can't wait to find out whose behind this, and whether or not the attack was driven by ideological differences or was simply a group of hackers taking advantage of a flaw. Anonymous has stated "For once, we didn't do it," which leaves us wondering--"Who did?"